Web3py Auth

[villas]

Hi Massimo

Thanks for the auth implementation.  However, I personally think Groups are an essential feature of any auth.

As a suggestion, could you please consider at least a slimmed-down version of Groups.  I am thinking simply this:

• Extra field:  auth_user.group_ids list:reference
• Table:  auth_group,  (id, name)
  
• Function:  is_user_in_groups(user=auth.user, groups=[], all=True) 
• if all==False then 'any'
  
• groups could be list of ids or names  
  

Many thanks for your consideration!  D

[Massimo Di Pierro]

I am thinking for something. I am thinking of a generic tagging api which wold allow you to tag any object using efficient many2many and use hierarchical tags.

You would be able to tag users with group tags and efficiently search groups for users and users by group. I have a prototype but it will not go into the auth.py module.

would that be ok?

[黄祥]

I am thinking for something. I am thinking of a generic tagging api which wold allow you to tag any object using efficient many2many and use hierarchical tags.

You would be able to tag users with group tags and efficiently search groups for users and users by group. I have a prototype but it will not go into the auth.py module.

would that be ok?

an example in _scaffold is enough i think, learn from web2py auth, sometime user created table that even needed on the first place, e.g. auth_cas

just a suggestion perhaps for web2py, it's nice to implement 'explicit better than implicit', e.g. explicitly define which auth's table will be created and modified the fields (add new fields, rename generated auth fields, deleted generated fieldsetc)

best regards,

stifan

[Leonel Câmara]

I use the groups and permissions mechanics extensively in my applications. They're useful for lots of stuff. Sharing can be as simple as giving permission for a record. I also use tags for the same purpose but they're better for stuff which will be changing based on properties of an entity instead of explicit permissions. I think there should be both. Note that RBAC is kind of a standard that people understand, and while you can implement it with tags it's not so straightforward and easy to understand in practice because tags tend to originate a kind of spaghetti that makes understanding how the system works murkier. 

[villas]

Many2many: I think a generic tagging api is a great idea in general for web3py.  If we can leverage that for auth groups too,  then why not.  Clearly a link table adds complexity to all the queries, but if this is properly serviced by the api, then no prob.

Hierachical tagging,  nested sets always seem to be a real pain point for SQL unless recursive CTEs used.  But then things start getting a little tricky as the existing DAL doesn't do that (yet?).  There is still one easy option available though:  materialised path.  I think this is a great idea because the queries are super-simple and could easily be implemented for all sorts of hierarchical data structures.

The above options would be more than I suggested for auth groups, but would both enhance the feature-set of web3py and find lots of applications.

Thanks for thinking about these possibilities!